I've noticed a disturbing trend lately and not quite sure if it's just me, or happening more in the industry. Or, maybe it's because my credit card, for the 2nd time in less than 2 years, was compromised by someone (Visa won't tell me who -- and with today's BI, it's pretty easy to figure out I would image). So, I'm seeing a number of sites on the internet not using SSL when capturing PII. Clearly, this is crucial for credit card transactions, but it's also important for PII. Of course, SSL only encrypts the traffic between you and the domain, and ensures the domain is who it says it is -- what the host does with your data is out of your hands. It's a little like going into the kitchen at a restaurant. :)The other day I was lamenting with a colleague about my lame internet connection while we were playing around with the cool sharing features in Office Communicator. (Bottom line was my connection chokes on camera and desktop sharing.) The best I can do on my internet connection is, sadly, 512k upload:The chart is fairly amusing on various levels but seeing that I'm out of luck in going beyond 512k, I decide to contact customer support to see if there's anything I can do. Heck, even 768k upload would open a lot of opportunities.But when I go to ask a question on the support page, I see this page:No SSL? No credit card information but surely enough PII to make me feel SSL should be required here. Now, this scenario is a bit different since I'm a customer, so I did a traceroute to see where my data was going:So, fortunately, as long as I'm sending the data from my house, it seems my data is reasonably secure as it's staying within Time Warner's domain and frankly, that's the best you can get from SSL. I didn't submit the data, but it made me realize how many sites I've run into that don't use SSL, or access points that are insecure. I recently permanently borrowed Glen's HTC Touch Pro, and it has built in wifi. I left it on and as I drove around, I was completely stunned at home many times the phone would ding that a new wireless network was available -- and most were insecure. So is this my imagination, or is security really this bad?